2023-12-05 10:16:50 -05:00
/ *
Copyright ( c ) Edgeless Systems GmbH
SPDX - License - Identifier : AGPL - 3.0 - only
* /
package provider
import (
"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
)
const (
// attributeInput is the attribute type used for input variables.
attributeInput attributeType = true
// attributeOutput is the attribute type used for output variables.
attributeOutput attributeType = false
)
type attributeType bool
2023-12-18 04:15:54 -05:00
func newAttestationVariantAttributeSchema ( t attributeType ) schema . Attribute {
2023-12-05 10:16:50 -05:00
isInput := bool ( t )
return schema . StringAttribute {
Description : "Attestation variant the image should work with. (e.g. `azure-sev-snp`)" ,
MarkdownDescription : "Attestation variant the image should work with. Can be one of:\n" +
" * `aws-sev-snp`\n" +
" * `aws-nitro-tpm`\n" +
" * `azure-sev-snp`\n" +
2024-01-26 09:46:21 -05:00
" * `azure-tdx`\n" +
2024-03-06 14:48:40 -05:00
" * `gcp-sev-es`\n" +
" * `qemu-vtpm`\n" ,
2023-12-05 10:16:50 -05:00
Required : isInput ,
Computed : ! isInput ,
Validators : [ ] validator . String {
2024-03-06 14:48:40 -05:00
stringvalidator . OneOf ( "aws-sev-snp" , "aws-nitro-tpm" , "azure-sev-snp" , "azure-tdx" , "gcp-sev-es" , "qemu-vtpm" ) ,
2023-12-05 10:16:50 -05:00
} ,
}
}
2023-12-18 04:15:54 -05:00
func newCSPAttributeSchema ( ) schema . Attribute {
2023-12-05 10:16:50 -05:00
return schema . StringAttribute {
Description : "CSP (Cloud Service Provider) to use. (e.g. `azure`)" ,
MarkdownDescription : "CSP (Cloud Service Provider) to use. (e.g. `azure`)\n" +
"See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports." ,
Required : true ,
Validators : [ ] validator . String {
2024-03-06 14:48:40 -05:00
stringvalidator . OneOf ( "aws" , "azure" , "gcp" , "openstack" , "stackit" ) ,
2023-12-05 10:16:50 -05:00
} ,
}
}
2023-12-18 04:15:54 -05:00
func newMeasurementsAttributeSchema ( t attributeType ) schema . Attribute {
2023-12-05 10:16:50 -05:00
isInput := bool ( t )
return schema . MapNestedAttribute {
Computed : ! isInput ,
Required : isInput ,
NestedObject : schema . NestedAttributeObject {
Attributes : map [ string ] schema . Attribute {
"expected" : schema . StringAttribute {
Required : isInput ,
Computed : ! isInput ,
} ,
"warn_only" : schema . BoolAttribute {
Required : isInput ,
Computed : ! isInput ,
} ,
} ,
} ,
}
}
2023-12-18 04:15:54 -05:00
// measurementAttribute is the measurement attribute's data model.
type measurementAttribute struct {
Expected string ` tfsdk:"expected" `
WarnOnly bool ` tfsdk:"warn_only" `
}
func newAttestationConfigAttributeSchema ( t attributeType ) schema . Attribute {
2023-12-05 10:16:50 -05:00
isInput := bool ( t )
2023-12-14 09:47:55 -05:00
var additionalDescription string
if isInput {
additionalDescription = " The output of the [constellation_attestation](../data-sources/attestation.md) data source provides sensible defaults. "
}
2023-12-05 10:16:50 -05:00
return schema . SingleNestedAttribute {
Computed : ! isInput ,
Required : isInput ,
2024-01-26 09:46:21 -05:00
MarkdownDescription : "Attestation comprises the measurements and CVM specific parameters." + additionalDescription ,
Description : "Attestation comprises the measurements and CVM specific parameters." + additionalDescription ,
2023-12-05 10:16:50 -05:00
Attributes : map [ string ] schema . Attribute {
2023-12-18 04:15:54 -05:00
"variant" : newAttestationVariantAttributeSchema ( t ) , // duplicated for convenience in cluster resource
2023-12-05 10:16:50 -05:00
"bootloader_version" : schema . Int64Attribute {
Computed : ! isInput ,
Required : isInput ,
} ,
"tee_version" : schema . Int64Attribute {
Computed : ! isInput ,
Required : isInput ,
} ,
"snp_version" : schema . Int64Attribute {
Computed : ! isInput ,
Required : isInput ,
} ,
"microcode_version" : schema . Int64Attribute {
Computed : ! isInput ,
Required : isInput ,
} ,
"azure_firmware_signer_config" : schema . SingleNestedAttribute {
Computed : ! isInput ,
Optional : isInput ,
Attributes : map [ string ] schema . Attribute {
"accepted_key_digests" : schema . ListAttribute {
Computed : ! isInput ,
Optional : isInput ,
ElementType : types . StringType ,
} ,
"enforcement_policy" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"maa_url" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
} ,
} ,
"amd_root_key" : schema . StringAttribute {
Computed : ! isInput ,
Required : isInput ,
} ,
2024-01-26 09:46:21 -05:00
"tdx" : schema . SingleNestedAttribute {
Computed : ! isInput ,
Optional : isInput ,
Attributes : map [ string ] schema . Attribute {
"qe_svn" : schema . Int64Attribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"pce_svn" : schema . Int64Attribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"tee_tcb_svn" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"qe_vendor_id" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"mr_seam" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"xfam" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
"intel_root_key" : schema . StringAttribute {
Computed : ! isInput ,
Optional : isInput ,
} ,
} ,
} ,
2023-12-18 04:15:54 -05:00
"measurements" : newMeasurementsAttributeSchema ( t ) ,
} ,
}
}
// attestationAttribute is the attestation attribute's data model.
type attestationAttribute struct {
BootloaderVersion uint8 ` tfsdk:"bootloader_version" `
TEEVersion uint8 ` tfsdk:"tee_version" `
SNPVersion uint8 ` tfsdk:"snp_version" `
MicrocodeVersion uint8 ` tfsdk:"microcode_version" `
AMDRootKey string ` tfsdk:"amd_root_key" `
AzureSNPFirmwareSignerConfig azureSnpFirmwareSignerConfigAttribute ` tfsdk:"azure_firmware_signer_config" `
2024-01-26 09:46:21 -05:00
TDX tdxConfigAttribute ` tfsdk:"tdx" `
2023-12-18 04:15:54 -05:00
Variant string ` tfsdk:"variant" `
Measurements map [ string ] measurementAttribute ` tfsdk:"measurements" `
}
// azureSnpFirmwareSignerConfigAttribute is the azure firmware signer config attribute's data model.
type azureSnpFirmwareSignerConfigAttribute struct {
AcceptedKeyDigests [ ] string ` tfsdk:"accepted_key_digests" `
EnforcementPolicy string ` tfsdk:"enforcement_policy" `
MAAURL string ` tfsdk:"maa_url" `
}
2024-01-26 09:46:21 -05:00
// tdxConfigAttribute groups the TDX specific attributes for Constellation.
type tdxConfigAttribute struct {
QESVN uint16 ` tfsdk:"qe_svn" `
PCESVN uint16 ` tfsdk:"pce_svn" `
TEETCBSVN string ` tfsdk:"tee_tcb_svn" `
QEVendorID string ` tfsdk:"qe_vendor_id" `
MRSeam string ` tfsdk:"mr_seam" `
XFAM string ` tfsdk:"xfam" `
IntelRootKey string ` tfsdk:"intel_root_key" `
}
2023-12-18 04:15:54 -05:00
func newImageAttributeSchema ( t attributeType ) schema . Attribute {
isInput := bool ( t )
return schema . SingleNestedAttribute {
Description : "Constellation OS Image to use on the nodes." ,
MarkdownDescription : "Constellation OS Image to use on the nodes." ,
Computed : ! isInput ,
Required : isInput ,
Attributes : map [ string ] schema . Attribute {
"version" : schema . StringAttribute {
Description : "Semantic version of the image." ,
MarkdownDescription : "Semantic version of the image." ,
Computed : ! isInput ,
Required : isInput ,
} ,
"reference" : schema . StringAttribute {
Description : "CSP-specific unique reference to the image. The format differs per CSP." ,
MarkdownDescription : "CSP-specific unique reference to the image. The format differs per CSP." ,
Computed : ! isInput ,
Required : isInput ,
} ,
"short_path" : schema . StringAttribute {
Description : "CSP-agnostic short path to the image. The format is `vX.Y.Z` for release images and `ref/$GIT_REF/stream/$STREAM/$SEMANTIC_VERSION` for pre-release images." ,
MarkdownDescription : "CSP-agnostic short path to the image. The format is `vX.Y.Z` for release images and `ref/$GIT_REF/stream/$STREAM/$SEMANTIC_VERSION` for pre-release images.\n" +
"- `$GIT_REF` is the git reference (i.e. branch name) the image was built on, e.g. `main`.\n" +
"- `$STREAM` is the stream the image was built on, e.g. `nightly`.\n" +
"- `$SEMANTIC_VERSION` is the semantic version of the image, e.g. `vX.Y.Z` or `vX.Y.Z-pre...`." ,
Computed : ! isInput ,
Required : isInput ,
} ,
2024-03-01 11:06:02 -05:00
"marketplace_image" : schema . BoolAttribute {
Description : "Whether a marketplace image should be used." ,
MarkdownDescription : "Whether a marketplace image should be used." ,
Optional : true ,
} ,
2023-12-05 10:16:50 -05:00
} ,
}
}
2023-12-18 04:15:54 -05:00
// imageAttribute is the image attribute's data model.
type imageAttribute struct {
2024-03-01 11:06:02 -05:00
Reference string ` tfsdk:"reference" `
Version string ` tfsdk:"version" `
ShortPath string ` tfsdk:"short_path" `
MarketplaceImage * bool ` tfsdk:"marketplace_image" `
2023-12-18 04:15:54 -05:00
}